14.4. Configuring RA Logging

RA logs are configured differently than other subsystem logs. All of the RA logs are viewed and configured manually in the CS.cfg file. This is because logging is configured through the administrative console for the other subsystems (CA, OCSP, DRM, and TKS), but the RA does not use a Java console.

The RA maintains three subsystem logs:

A debug log (ra-debug.log)

An error log (ra-error.log)

An audit log (ra-audit.log)

These logs are stored in the /var/lib/instance_name/logs directory by default. Other types of logs, such as transaction logs and system logs, are not generated by the RA instance.

14.4.1. About RA Log Settings

For each log generated by an RA instance, there are three parameters which must be configured in the CS.cfg file:

Certain log features that are available to the other subsystems' logs do not apply to RA logging:

Log rotation

Registering and deleting log modules

Buffered logging

Signed audit logs

Log level 0 is least verbose log level; 10 is most verbose.

Table 14.12. RA Logging Parameters

Parameter

Description

logging.log_type.enable

Enables logging for that specific log type. The valid values are true|false.

logging.log_type.filename

The full path to the log file, including its name. For example, /tmp/tps-debug.log.

logging.log_type.level

The log levels. The levels range from 0 to 10.

0 - No logging.

4 - LL_PER_SERVER. Messages that happen only during startup or shutdown.

6 - LL_PER_CONNECTION. Messages that happen per connection.

8 - LL_PER_PDU. Messages that happen for every transaction.

9 - LL_ALL_DATA_IN_PDU. Dumps all data in the PDU.

10 - All logging.

failover.pod.enable

Specifies whether to use a pod-type failover mechanism. The valid values are true|false. If there are two CA connections, two TKS connections, and two DRM connections configured from the TPS, when pod-type failover is enabled, if the TPS fails to connect to the first CA, for the next enrollment it will use the second pod, meaning it will connect to the second CA, DRM, and TKS host and port.